|
|
|
|
#![feature(cfg_eval, adt_const_params)]
|
|
|
|
|
|
|
|
|
|
pub mod prelude {
|
|
|
|
|
pub use crate::{
|
|
|
|
|
authenticator::{
|
|
|
|
|
assertion::get,
|
|
|
|
|
bio_enrollment, client_pin, config,
|
|
|
|
|
credential::{make, management},
|
|
|
|
|
device, reset, selection,
|
|
|
|
|
},
|
|
|
|
|
Command, Ctap2_2Authenticator,
|
|
|
|
|
};
|
|
|
|
|
pub use fido_common::*;
|
|
|
|
|
}
|
|
|
|
|
use prelude::*;
|
|
|
|
|
|
|
|
|
|
pub mod authenticator;
|
|
|
|
|
pub mod extensions;
|
|
|
|
|
|
|
|
|
|
/// Defines the raw CTAP operations
|
|
|
|
|
pub trait Ctap2_2Authenticator {
|
|
|
|
|
/// > This method is invoked by the host to request generation of a new
|
|
|
|
|
/// > credential in the authenticator.
|
|
|
|
|
fn make_credential(&mut self, request: make::Request) -> Result<make::Response, make::Error>;
|
|
|
|
|
|
|
|
|
|
/// > This method is used by a host to request cryptographic proof of user
|
|
|
|
|
/// > authentication as well as user consent to a given transaction, using a
|
|
|
|
|
/// > previously generated credential that is bound to the authenticator and
|
|
|
|
|
/// > relying party identifier.
|
|
|
|
|
fn get_assertion(&mut self, request: get::Request) -> Result<get::Response, get::Error>;
|
|
|
|
|
|
|
|
|
|
/// > Using this method, platforms can request that the authenticator report
|
|
|
|
|
/// > a list of its supported protocol versions and extensions, its AAGUID,
|
|
|
|
|
/// > and other aspects of its overall capabilities. Platforms should use
|
|
|
|
|
/// > this information to tailor their command parameters choices.
|
|
|
|
|
fn get_info(&self) -> device::Info;
|
|
|
|
|
|
|
|
|
|
/// > This command exists so that plaintext PINs are not sent to the
|
|
|
|
|
/// > authenticator. Instead, a PIN/UV auth protocol (aka
|
|
|
|
|
/// > `pinUvAuthProtocol`) ensures that PINs are encrypted when sent to an
|
|
|
|
|
/// > authenticator and are exchanged for a `pinUvAuthToken` that serves to
|
|
|
|
|
/// > authenticate subsequent commands.
|
|
|
|
|
fn client_pin(
|
|
|
|
|
&mut self,
|
|
|
|
|
request: client_pin::Request,
|
|
|
|
|
) -> Result<client_pin::Response, client_pin::Error>;
|
|
|
|
|
|
|
|
|
|
/// > This method is used by the client to reset an authenticator back to a
|
|
|
|
|
/// > factory default state.
|
|
|
|
|
fn reset(&mut self) -> Result<(), reset::Error>;
|
|
|
|
|
|
|
|
|
|
fn bio_enrollment(
|
|
|
|
|
&mut self,
|
|
|
|
|
request: bio_enrollment::Request,
|
|
|
|
|
) -> Result<bio_enrollment::Response, bio_enrollment::Error>;
|
|
|
|
|
|
|
|
|
|
// > This command is used by the platform to manage discoverable
|
|
|
|
|
// > credentials on the authenticator.
|
|
|
|
|
fn credential_management(
|
|
|
|
|
&mut self,
|
|
|
|
|
request: management::Request,
|
|
|
|
|
) -> Result<management::Response, management::Error>;
|
|
|
|
|
|
|
|
|
|
/// > This command allows the platform to let a user select a certain
|
|
|
|
|
/// > authenticator by asking for user presence.
|
|
|
|
|
fn selection(&mut self) -> Result<(), authenticator::selection::Error>;
|
|
|
|
|
|
|
|
|
|
// fn large_blobs() -> Result<(), ()>;
|
|
|
|
|
|
|
|
|
|
// > This command is used to configure various authenticator features
|
|
|
|
|
// > through the use of its subcommands.
|
|
|
|
|
fn authenticator_config(&mut self, request: config::Request) -> Result<(), config::Error>;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[repr(u8)]
|
|
|
|
|
pub enum Command {
|
|
|
|
|
AuthenticatorMakeCredential = 0x01,
|
|
|
|
|
AuthenticatorGetAssertion = 0x02,
|
|
|
|
|
AuthenticatorGetNextAssertion = 0x08,
|
|
|
|
|
AuthenticatorGetInfo = 0x04,
|
|
|
|
|
AuthenticatorClientPin = 0x06,
|
|
|
|
|
AuthenticatorReset = 0x07,
|
|
|
|
|
AuthenticatorBioEnrollment = 0x09,
|
|
|
|
|
AuthenticatorCredentialManagement = 0x0A,
|
|
|
|
|
AuthenticatorSelection = 0x0B,
|
|
|
|
|
AuthenticatorLargeBlobs = 0x0C,
|
|
|
|
|
AuthenticatorConfig = 0x0D,
|
|
|
|
|
PrototypeAuthenticatorBioEnrollment = 0x40,
|
|
|
|
|
PrototypeAuthenticatorCredentialmanagement = 0x41,
|
|
|
|
|
}
|
